CVE-2019-6843

MEDIUM

Modicon - DoS

Title source: llm

Description

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol.

References (1)

[Vendor Advisory] https://www.se.com/ww/en/download/document/SEVD-2019-281-02/

Scores

CVSS v3 4.9

EPSS 0.0036

EPSS Percentile 58.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-755

Status published

Affected Products (4)

schneider-electric/modicon_m580_firmware

schneider-electric/modicon_m340_firmware

schneider-electric/modicon_bmxcra_firmware

schneider-electric/modicon_140cra_firmware

Timeline

Published Oct 29, 2019

Tracked Since Feb 18, 2026